Managing SSH

Initializing SSH Keys

The Public and Private keys are created on the client using ssh-keygen

The Private Key is stored securely on the client, and the Public Key is copied onto the server using ssh-copy-id

Logging in with SSH Key

When accessing the server via SSH, the server will send an encrypted packet to the client containing the Public Key, in which the client responds with the contents of the Private Key

Setting up SSH Key-based Login

ssh-keygen: Creates a public/private key pair for the current user

Setting a passphrase for the private key makes it more secure but also makes it less convenient to access the server

ssh-copy-id: Copies the public key to the target server

ssh-agent /bin/bash: If the private key has a set passphrase, this command allocates space in the bash shell to cache the passphrase

If this is done, ssh-add must be used to set the passphrase

Changing Common SSH Server Options

Server options are set in /etc/ssh/sshd_config

Port: Sets the port SSH listens on

PermitRootLogin: Enables/Disables root login

PubkeyAuthentication: Enables/Disables logging in via ssh-keys

PasswordAuthentication: Enables/Disables logging in with a password

X11Forwarding: Allows users to forward a graphical screen

AllowUsers: Specifies specific users that can access the system

The sshd daemon must be restarted if changes are made to /etc/ssh/sshd_config:

systemctl restart sshd

Securely Copying Files

scp: Used to securely copy files over the network using the sshd daemon

Syntax: scp [file1] [file2] [user]@[server]:[/path/]

sftp: Offers an FTP client interface to securely transfer files using SSH

put /file: Uploads a file

get /file: Downloads a file to the current working directory

Securely Synchronizing Files

rsync: Used to synchronize files via SSH

If the source and target file already exist, rsync will only synchronize their differences

Options

r: Recursive synchronization

l: Synchronizes symbolic links

p: Preserves symbolic links

n: Dry run

a: Archive mode, which is equivalent to -rlptgoD

A: Uses archive mode and also synchronizes ACLs

-X: Synchronizes SELinux context

Leave a Reply

Your email address will not be published.